Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-31547 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows SQL Injection.This issue affects Uptime Robot Plugin for WordPress: from n/a through <= 2.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-31542 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Blind SQL Injection.This issue affects My auctions allegro: from n/a through <= 3.6.20. CVSSv3.1 8.5 (HIGH)
CVE-2025-31526 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows SQL Injection.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5. CVSSv3.1 8.5 (HIGH)
CVE-2025-22526 — Deserialization: of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object
Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through <= 1.2.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-22523 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through <= 1.0.0. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-54362 — Path: Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects
Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3. CVSSv3.1 8.1 (HIGH)
CVE-2024-54291 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through <= 0.9.10. CVSSv3.1 8.6 (HIGH)
CVE-2025-31466 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Blind SQL Injection.This issue affects Duplicate Page and Post: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-2815 — Administrator: The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator a CVSSv3.1 8.8 (HIGH)
CVE-2025-26898 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-26873 — Deserialization: of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. CVSSv3.1 9.0 (CRITICAL)
CVE-2025-26733 — Authorization: Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through <
Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. CVSSv3.1 8.2 (HIGH)
CVE-2025-26909 — Wpplugins Hide_my_wp_ghost: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through <= 5.4.01. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-22783 — Squirrly Seo_plugin_by_squirrly_seo: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03. CVSSv3.1 8.5 (HIGH)
CVE-2025-2857 — Mozilla Firefox: Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, CVSSv3.1 10.0 (CRITICAL)
CVE-2025-30891 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through <= 1.8.7. CVSSv3.1 8.8 (HIGH)
CVE-2025-30846 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows PHP Local File Inclusion.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.4. CVSSv3.1 8.8 (HIGH)
CVE-2025-30819 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Igor Benic Simple Giveaways giveasap allows SQL Injection.This issue affects Simple Giveaways: from n/a through <= 2.48.1. CVSSv3.1 8.5 (HIGH)
CVE-2025-30810 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Blind SQL Injection.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.0.1. CVSSv3.1 8.5 (HIGH)
CVE-2025-30806 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows SQL Injection.This issue affects Vimeotheque: from n/a through <= 2.3.4.2. CVSSv3.1 8.5 (HIGH)
CVE-2025-30788 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB
Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows SQL Injection.This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.25.08. CVSSv3.1 8.2 (HIGH)
CVE-2025-30784 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows SQL Injection.This issue affects WP Subscription Forms: from n/a through <= 1.2.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-30783 — Site: Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows SQL
Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows SQL Injection.This issue affects WP Google Review Slider: from n/a through <= 16.0. CVSSv3.1 8.2 (HIGH)
CVE-2025-30775 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows SQL Injection.This issue affects WPGuppy: from n/a through <= 1.1.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-30772 — Authorization: Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege
Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4. CVSSv3.1 8.8 (HIGH)